*** markvoelker has joined #openstack-security | 00:12 | |
*** markvoelker_ has joined #openstack-security | 00:13 | |
*** markvoel_ has joined #openstack-security | 00:15 | |
*** markvoelker has quit IRC | 00:15 | |
*** markvoelker_ has quit IRC | 00:19 | |
openstackgerrit | Rahul U Nair proposed openstack/syntribos: Checks for Syntribos signals https://review.openstack.org/332519 | 00:24 |
*** austin987 has quit IRC | 00:35 | |
*** catintheroof has joined #openstack-security | 00:47 | |
*** edtubill has quit IRC | 00:57 | |
*** catintheroof has quit IRC | 01:07 | |
*** vinaypotluri has quit IRC | 01:11 | |
*** salv-orlando has joined #openstack-security | 02:00 | |
*** salv-orlando has quit IRC | 02:07 | |
*** jamielennox is now known as jamielennox|away | 02:16 | |
*** jamielennox|away is now known as jamielennox | 02:17 | |
*** browne has quit IRC | 02:21 | |
*** jhfeng has joined #openstack-security | 02:38 | |
*** yuanying has quit IRC | 02:46 | |
*** Long_yanG has joined #openstack-security | 02:51 | |
*** LongyanG has quit IRC | 02:51 | |
*** austin987 has joined #openstack-security | 03:00 | |
*** jhfeng has quit IRC | 03:01 | |
*** slacksilver has joined #openstack-security | 03:09 | |
slacksilver | hola | 03:10 |
*** jhfeng has joined #openstack-security | 03:13 | |
*** salv-orlando has joined #openstack-security | 03:14 | |
slacksilver | hola | 03:18 |
*** slacksilver has left #openstack-security | 03:21 | |
*** salv-orlando has quit IRC | 03:21 | |
*** elmiko is now known as _elmiko | 03:31 | |
*** jhfeng has quit IRC | 03:41 | |
*** catintheroof has joined #openstack-security | 03:44 | |
*** yuanying has joined #openstack-security | 03:47 | |
*** dave-mcc_ has quit IRC | 03:48 | |
*** catintheroof has quit IRC | 04:02 | |
*** liverpooler has quit IRC | 04:15 | |
*** liverpoo1er has quit IRC | 04:15 | |
*** salv-orlando has joined #openstack-security | 04:28 | |
*** salv-orlando has quit IRC | 04:35 | |
*** rcernin has joined #openstack-security | 04:56 | |
*** rcernin has quit IRC | 05:16 | |
*** salv-orlando has joined #openstack-security | 05:37 | |
*** rcernin has joined #openstack-security | 05:54 | |
*** liverpoo1er has joined #openstack-security | 05:57 | |
*** liverpooler has joined #openstack-security | 05:57 | |
*** chair6 has quit IRC | 06:16 | |
*** chair6 has joined #openstack-security | 06:20 | |
*** salv-orl_ has joined #openstack-security | 06:38 | |
*** salv-orlando has quit IRC | 06:41 | |
*** archlinux_xfce4 has joined #openstack-security | 06:41 | |
*** tesseract- has joined #openstack-security | 06:47 | |
*** archlinux_xfce4 has quit IRC | 06:57 | |
*** salv-orl_ has quit IRC | 07:20 | |
*** pcaruana has joined #openstack-security | 07:22 | |
*** unrahul has quit IRC | 07:42 | |
*** salv-orlando has joined #openstack-security | 08:14 | |
*** M00nr41n has joined #openstack-security | 08:18 | |
*** dmk0202 has joined #openstack-security | 08:23 | |
*** liverpoo1er has quit IRC | 10:00 | |
*** liverpoo1er has joined #openstack-security | 10:00 | |
*** sigmavirus24 is now known as sigmavirus24_awa | 11:43 | |
*** sdake has quit IRC | 11:48 | |
*** sdake has joined #openstack-security | 12:03 | |
*** dave-mccowan has joined #openstack-security | 12:19 | |
*** d0ugal has quit IRC | 12:25 | |
*** d0ugal has joined #openstack-security | 12:25 | |
*** aurelien has joined #openstack-security | 12:27 | |
*** salv-orl_ has joined #openstack-security | 12:39 | |
*** salv-orlando has quit IRC | 12:41 | |
*** sdake has quit IRC | 12:43 | |
*** edmondsw has joined #openstack-security | 12:43 | |
*** jhfeng has joined #openstack-security | 12:59 | |
*** salv-orl_ has quit IRC | 13:03 | |
*** salv-orlando has joined #openstack-security | 13:12 | |
*** aurelien has quit IRC | 13:16 | |
*** _elmiko is now known as elmiko | 13:18 | |
*** BigWillie has joined #openstack-security | 13:24 | |
*** liverpoo1er has quit IRC | 13:27 | |
*** liverpooler has quit IRC | 13:33 | |
*** sdake has joined #openstack-security | 13:37 | |
*** jmckind has joined #openstack-security | 13:40 | |
*** woodburn has joined #openstack-security | 13:50 | |
*** ametts has joined #openstack-security | 14:01 | |
*** jet__08 has joined #openstack-security | 14:03 | |
*** jhfeng has quit IRC | 14:04 | |
jet__08 | hi | 14:06 |
jet__08 | hi all | 14:09 |
*** edtubill has joined #openstack-security | 14:17 | |
*** sigmavirus24_awa is now known as sigmavirus24 | 14:22 | |
*** mvaldes has joined #openstack-security | 14:23 | |
*** jhfeng has joined #openstack-security | 14:33 | |
*** chair6 has quit IRC | 14:50 | |
*** chair6 has joined #openstack-security | 14:50 | |
*** zul has quit IRC | 14:54 | |
*** zul has joined #openstack-security | 14:55 | |
*** unrahul has joined #openstack-security | 15:02 | |
*** rcernin has quit IRC | 15:09 | |
*** sdake has quit IRC | 15:10 | |
*** agireud has quit IRC | 15:10 | |
*** yarkot1 has quit IRC | 15:10 | |
*** tesseract- has quit IRC | 15:10 | |
*** yarkot1 has joined #openstack-security | 15:11 | |
*** sdake_ has joined #openstack-security | 15:11 | |
*** agireud has joined #openstack-security | 15:11 | |
*** sdake has joined #openstack-security | 15:18 | |
*** sdake_ has quit IRC | 15:19 | |
*** pcaruana has quit IRC | 15:22 | |
*** rcernin has joined #openstack-security | 15:24 | |
*** ccneill has joined #openstack-security | 15:25 | |
*** pcaruana has joined #openstack-security | 15:36 | |
*** vinaypotluri has joined #openstack-security | 15:43 | |
*** catintheroof has joined #openstack-security | 15:49 | |
*** elmiko is now known as _elmiko | 16:01 | |
*** dmk0202 has quit IRC | 16:02 | |
*** jmckind_ has joined #openstack-security | 16:23 | |
openstackgerrit | Charles Neill proposed openstack/syntribos: Modifies HTTP client to use checks/signals https://review.openstack.org/331833 | 16:25 |
*** jmckind has quit IRC | 16:26 | |
*** mvaldes1 has joined #openstack-security | 16:30 | |
*** jmckind has joined #openstack-security | 16:32 | |
*** mvaldes has quit IRC | 16:33 | |
*** ccneill has quit IRC | 16:34 | |
*** jmckind_ has quit IRC | 16:35 | |
*** rcernin has quit IRC | 16:40 | |
*** pcaruana has quit IRC | 16:43 | |
*** jmckind_ has joined #openstack-security | 16:54 | |
*** jmckind has quit IRC | 16:57 | |
*** sdake_ has joined #openstack-security | 17:09 | |
*** sdake has quit IRC | 17:10 | |
*** rcernin has joined #openstack-security | 17:20 | |
*** sdake_ has quit IRC | 17:29 | |
*** ccneill has joined #openstack-security | 17:42 | |
*** n0rma1 has joined #openstack-security | 17:48 | |
openstackgerrit | Charles Neill proposed openstack/syntribos: Modifies HTTP client to use checks/signals https://review.openstack.org/331833 | 17:50 |
*** liverpooler has joined #openstack-security | 18:00 | |
*** salv-orlando has quit IRC | 18:02 | |
*** salv-orlando has joined #openstack-security | 18:03 | |
*** salv-orlando has quit IRC | 18:07 | |
*** mvaldes1 has quit IRC | 18:08 | |
*** jet__08 has quit IRC | 18:13 | |
*** jmckind has joined #openstack-security | 18:15 | |
*** browne has joined #openstack-security | 18:17 | |
*** jmckind_ has quit IRC | 18:18 | |
*** jmckind_ has joined #openstack-security | 18:19 | |
*** mvaldes has joined #openstack-security | 18:21 | |
*** jmckind has quit IRC | 18:22 | |
ccneill | unrahul: just read over your gist again | 18:39 |
ccneill | unrahul: I like the idea of using YAML for some of this | 18:39 |
ccneill | I'm just worried we'll have to create a whole DSL to be able to represent all the checks we want.. | 18:40 |
ccneill | for instance, specifying the logic for determining a signal's strength in yaml seems.. difficult | 18:40 |
ccneill | slug creation seems somewhat hard too | 18:41 |
ccneill | e.g. HTTP_STATUS_CODE_5XX_500 would require you to specify 1) some kind of range() check to get the 5XX part, and then 2) appending the actual status code | 18:41 |
*** sdake has joined #openstack-security | 18:47 | |
ccneill | unrahul: take a look at the content type check I was working on at the bottom of this file: https://review.openstack.org/#/c/331833/7/syntribos/checks/http.py | 18:47 |
ccneill | I have a feeling it would be very hard to specify some kind of logic in YAML to replicate that check | 18:47 |
ccneill | :/ | 18:47 |
ccneill | not impossible, just a fair amount of work | 18:47 |
mvaldes | what if we use xml in place of yaml | 18:48 |
ccneill | mvaldes: get out | 18:48 |
ccneill | :P | 18:48 |
mvaldes | ehe | 18:48 |
ccneill | we *could* basically reduce all checks down to regular expressions... | 18:49 |
ccneill | e.g. "Content-Type: ([a-zA-Z\-]+/[a-zA-Z\-\+]+)(; .*)" | 18:50 |
ccneill | but then checks are only as comprehensible as the regexes we write | 18:50 |
mvaldes | i think since this is for "custom checks" we can wait and make sure we identify real cases where we would use this | 18:51 |
*** n0rma1 has left #openstack-security | 18:51 | |
ccneill | I think arbitrary string presence is probably one of the best examples, but I'm not sure how many others we'll end up with | 18:52 |
mvaldes | right | 18:52 |
mvaldes | that one is probably easy to do one way or another | 18:53 |
mvaldes | the problem is if something else comes up? | 18:53 |
ccneill | yeah | 18:55 |
ccneill | it's really how we deal with checks that take parameters outside of what we can expect to be associated with the test object | 18:55 |
*** sdake_ has joined #openstack-security | 18:55 | |
ccneill | we can easily run checks against init_resp and resp off the test object like getting the status code, but if we need to check for presence of a list of strings, we can't easily specify that in a clean way if we just want test writers to provide a list of slugs they care about | 18:56 |
mvaldes | another concept like ACTION_FIELD maybe | 18:56 |
mvaldes | eh | 18:57 |
mvaldes | right | 18:57 |
ccneill | I'm also trying to keep us from inventing a super-complicated language to make it "easier" to write tests | 18:57 |
ccneill | like.. yeah, we might reduce the amount of python a test writer has to write, but they also have to learn our language | 18:57 |
ccneill | which might be buggy | 18:57 |
ccneill | or require a huge investment from us to make it workable | 18:57 |
*** sdake has quit IRC | 18:58 | |
ccneill | ¯\_(ツ)_/¯ | 18:58 |
ccneill | the simple slug approach is appealing in some ways though... e.g. we might want to specify a sort of pipeline for this check https://review.openstack.org/#/c/332519/3/syntribos/checks/content_validity.py | 19:03 |
ccneill | CONTENT_TYPE | CONTENT_VALIDITY | 19:03 |
openstackgerrit | Merged openstack/syntribos: Simplified imports and added constants https://review.openstack.org/331831 | 19:09 |
unrahul | ccneill: mvaldes guys, was away. | 19:09 |
unrahul | ccneill: yeah.. in a way if we keep inventing things, it would be cool, but complicated. | 19:09 |
unrahul | i like the pipeline approach though | 19:10 |
unrahul | give all the basic building blocks of checks and give the test writer the flexibility to mix and match | 19:10 |
ccneill | yep | 19:10 |
ccneill | if we switch to taking Test objects in checks, we can hack the pipeline functionality by just specifying the checks in a meaningful order and having checks look at the test object for previous signals | 19:11 |
ccneill | probably the simplest approach | 19:11 |
ccneill | and then maybe we can further abstract it in the future | 19:11 |
unrahul | hmm.. yeah.. and in a way.. i am not sure, there would be that complicated checks needed.. if it is, then it would be really custom.. | 19:12 |
unrahul | aah.. i don't know.. !.. | 19:14 |
ccneill | I was also thinking about another minor annoyance last night when I couldn't sleep lol | 19:14 |
ccneill | we send the unfuzzed request from the template for each test type... | 19:14 |
ccneill | :S | 19:15 |
unrahul | :o , oh.. we don't need that.. init_req is doing that in fuzz ryt.. don't think we need to do that again... | 19:16 |
unrahul | is mdong around.. ? | 19:17 |
ccneill | right, but we don't actually preserve any state between test types | 19:17 |
ccneill | soooo | 19:17 |
ccneill | :( | 19:17 |
ccneill | ergh | 19:18 |
ccneill | maybe we could do it in the runner when we parse the template... | 19:18 |
unrahul | but.. aren't we trying to avoid adding more stuff to runner..?, like a lot of things are happening in runner.. ryt now.. | 19:19 |
ccneill | yep | 19:20 |
ccneill | :\ | 19:20 |
*** jamielennox is now known as jamielennox|away | 19:21 | |
ccneill | runner's kind of a mess right now lol | 19:21 |
unrahul | yeah... ideally it should be split into multiple files. | 19:21 |
ccneill | yep | 19:22 |
ccneill | we could also probably name things a little more intuitively | 19:22 |
unrahul | yeah, get_testcase, get_tests :D | 19:24 |
ccneill | >_< | 19:24 |
*** jmckind has joined #openstack-security | 19:30 | |
*** sdake has joined #openstack-security | 19:31 | |
*** jmckind__ has joined #openstack-security | 19:32 | |
openstackgerrit | Charles Neill proposed openstack/syntribos: added min and max severity and confidence filtering https://review.openstack.org/331868 | 19:32 |
*** sdake_ has quit IRC | 19:33 | |
*** jmckind_ has quit IRC | 19:33 | |
*** jmckind has quit IRC | 19:35 | |
openstackgerrit | Merged openstack/syntribos: added min and max severity and confidence filtering https://review.openstack.org/331868 | 19:46 |
*** sdake_ has joined #openstack-security | 20:01 | |
*** salv-orlando has joined #openstack-security | 20:04 | |
*** sdake has quit IRC | 20:04 | |
*** browne has quit IRC | 20:05 | |
*** ccneill has quit IRC | 20:12 | |
*** jhfeng has quit IRC | 20:12 | |
*** ccneill has joined #openstack-security | 20:13 | |
*** jhfeng has joined #openstack-security | 20:22 | |
*** jmckind__ has quit IRC | 20:25 | |
*** salv-orlando has quit IRC | 20:27 | |
*** salv-orlando has joined #openstack-security | 20:28 | |
*** browne has joined #openstack-security | 20:29 | |
ccneill | hey browne: any chance you have a sec to look back over the signals CR I've been working on? really appreciate your comments recently - we're kind of bottlenecked on reviews to an extent because we have so few people working on it | 20:30 |
ccneill | no worries if you're busy, but if you have a chance this week it would be super helpful | 20:31 |
browne | sure i'll take a look | 20:32 |
ccneill | sweet | 20:32 |
ccneill | here's the link: https://review.openstack.org/#/c/331286/ | 20:32 |
*** jhfeng has quit IRC | 20:32 | |
*** sdake_ has quit IRC | 20:34 | |
*** jhfeng has joined #openstack-security | 20:49 | |
*** jhfeng has quit IRC | 20:49 | |
*** BigWillie has quit IRC | 20:54 | |
*** jhfeng has joined #openstack-security | 21:16 | |
*** edtubill has quit IRC | 21:19 | |
*** sdake has joined #openstack-security | 21:28 | |
*** mvaldes has quit IRC | 21:32 | |
*** sdake_ has joined #openstack-security | 21:38 | |
*** sdake has quit IRC | 21:39 | |
*** sigmavirus24 is now known as sigmavirus24_awa | 21:40 | |
openstackgerrit | Vinay Potluri proposed openstack/syntribos: Added ssl checks based on signals https://review.openstack.org/332245 | 21:46 |
*** jamielennox|away is now known as jamielennox | 21:48 | |
*** ametts has quit IRC | 21:50 | |
unrahul | hey ccneill: when u ran the unit tests, did you get any endpoint not set error? | 21:50 |
ccneill | hmm, nope.. | 21:50 |
ccneill | you have to pip install requests-mock | 21:51 |
unrahul | yeah.. that i did.. | 21:51 |
unrahul | maybe something with my env | 21:51 |
unrahul | let me figure it out.. | 21:51 |
ccneill | hmmm weird | 21:51 |
unrahul | yea.. | 21:51 |
ccneill | I'm working on those unittests right now, haven't seen any errors | 21:51 |
openstackgerrit | Charles Neill proposed openstack/syntribos: Modifies HTTP client to use checks/signals https://review.openstack.org/331833 | 21:52 |
openstackgerrit | Charles Neill proposed openstack/syntribos: Modifies HTTP client to use checks/signals https://review.openstack.org/331833 | 21:58 |
openstackgerrit | Vinay Potluri proposed openstack/syntribos: Creates SynSignal and SignalHolder classes https://review.openstack.org/331286 | 22:02 |
openstackgerrit | Vinay Potluri proposed openstack/syntribos: Added ssl checks based on signals https://review.openstack.org/332245 | 22:02 |
unrahul | ccneill: got it working, was some shell export issue. | 22:06 |
openstackgerrit | Rahul U Nair proposed openstack/syntribos: Checks for Syntribos signals https://review.openstack.org/332519 | 22:13 |
*** browne1 has joined #openstack-security | 22:14 | |
*** browne has quit IRC | 22:15 | |
ccneill | unrahul: interesting. I've run into some weird environment variable errors when using tmux to run syntribos, don't know if you're using that but usually killing/recreating the session fixes it | 22:17 |
ccneill | it only happens sporadically though | 22:17 |
unrahul | yup! | 22:17 |
unrahul | i exited out of tmux | 22:17 |
unrahul | and things worked .. | 22:17 |
*** sdake has joined #openstack-security | 22:21 | |
*** sdake_ has quit IRC | 22:24 | |
openstackgerrit | Mike Lange proposed openstack/security-doc: Added section for the phases of an audit. Updated link to CSA CCM https://review.openstack.org/330647 | 22:30 |
*** sdake_ has joined #openstack-security | 22:31 | |
*** sdake has quit IRC | 22:34 | |
*** jamielennox is now known as jamielennox|away | 22:44 | |
*** sdake_ has quit IRC | 22:49 | |
openstackgerrit | Charles Neill proposed openstack/syntribos: Creates SynSignal and SignalHolder classes https://review.openstack.org/331286 | 22:52 |
*** jamielennox|away is now known as jamielennox | 22:53 | |
*** salv-orl_ has joined #openstack-security | 22:58 | |
*** rcernin has quit IRC | 23:00 | |
*** salv-orlando has quit IRC | 23:00 | |
openstackgerrit | Charles Neill proposed openstack/syntribos: Modifies HTTP client to use checks/signals https://review.openstack.org/331833 | 23:02 |
*** jamielennox is now known as jamielennox|away | 23:05 | |
*** salv-orl_ has quit IRC | 23:06 | |
*** edmondsw has quit IRC | 23:15 | |
*** jhfeng has quit IRC | 23:23 | |
*** sdake has joined #openstack-security | 23:24 | |
*** catintheroof has quit IRC | 23:35 | |
*** ccneill has quit IRC | 23:42 | |
*** sdake has quit IRC | 23:42 | |
*** jamielennox|away is now known as jamielennox | 23:57 | |
*** lmiccini has quit IRC | 23:59 |